<html>
    <!-- Todos:
        - Add an X-XSS-Protection:0 header via click http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Common_non-standard_response_headers
        - AutoComplete handler for cookies
        - Also make XSS/SQL injection suggestions for header entries?
    -->
    <head>
        <!-- Myers diff algorithm; presumably backs the "Diff-string to standard response" view (confirm in ForgePanel.js). -->
        <script src="diff_match_patch/diff_match_patch.js"></script>

        <!-- Vendored jQuery and the jQuery UI pieces the panel loads, in dependency order.
             NOTE(review): jQuery 1.7.2 is an old release. This panel displays response data from the
             target under test, so check the vendored copy against current jQuery security advisories
             and upgrade it if ForgePanel.js passes any response-derived string to $() or .html(). -->
        <script src="jquery/jquery-1.7.2.js"></script>
        <script src="jquery/ui/jquery.ui.core.js"></script>
        <script src="jquery/ui/jquery.ui.widget.js"></script>
        <script src="jquery/ui/jquery.ui.autocomplete.js"></script>
        <script src="jquery/ui/jquery.ui.position.js"></script>
        <script src="jquery/ui/jquery.ui.button.js"></script>

        <!-- Line-numbered textarea plugin and its stylesheet, followed by the jQuery UI base theme. -->
        <script src="jquery-linedtextarea/jquery-linedtextarea.js"></script>
        <link rel="stylesheet" href="jquery-linedtextarea/jquery-linedtextarea.css">
        <link rel="stylesheet" href="jquery/themes/base/jquery.ui.all.css">

        <!-- Panel logic; loaded last, after every library above. -->
        <script src="ForgePanel.js"></script>
    </head>

    <body style="background-color:#FAFAFA;">
        <!-- Panel headings. #fuzzing_link has an empty href; presumably ForgePanel.js sets the
             target or handles the click (confirm). -->
        <h1>Forge Request:</h1>
        <h2><a href="" id="fuzzing_link">Fuzzing Options</a></h2>
        
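        <!-- Target URL of the forged request, the capture-dump control, and the #submission_via
             placeholder (empty here; presumably filled by ForgePanel.js, confirm).
             Each row is closed before the next one opens, so the parsed table holds exactly
             three rows and no stray empty one. -->
        <table title="URL:" id="table_r_url">
            <tr>
                <td>
                    URL: <input type="text" id="request_url">
                </td>
            </tr>
            <tr>
                <td>
                    <input type="button" value="Dump captures for this URL" id="save_url_captures_button">
                </td>
            </tr>
            <tr>
                <td>
                    <div id="submission_via">
                    </div>
                </td>
            </tr>
        </table>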

        <!-- Toggles for payload suggestions. The text after each box is plain text, not a label element. -->
        <input id="make_suggestions_xss_check" name="make_suggestions_xss" type="checkbox"> Make suggestions for xss vectors<br>
        <input id="make_suggestions_sql_check" name="make_suggestions_sql" type="checkbox"> Make suggestions for sql injection<br>

        <!-- Request headers. #table_r_header_descr is an empty description cell and the second row
             labels the columns; header rows are presumably appended by ForgePanel.js (confirm). -->
        <table id="table_r_header" title="HTTP Header:" style="border-color:#777777; border-width:1px; border-style: solid;">
            <tr>
                <td id="table_r_header_descr" colspan="3"></td>
            </tr>
            <tr>
                <td>Header</td>
                <td>Content</td>
                <td></td>
            </tr>
        </table>
        <br>
        <!-- Entry row for an additional header: name, value, and the button that adds the pair. -->
        <div>
            Header:<input id="add_header_name" type="text">Content:<input id="add_header_value" type="text"><input id="add_header_button" type="button" value="Add to Headers">
        </div>
        <br>

        <!-- NOTE(review): cookie and session-ID values shown in this section are live credentials for
             the target. If the capture-dump control writes them to disk, treat those files as
             sensitive (confirm what ForgePanel.js dumps). -->
        <table id="table_r_cookie" style="border-color:#777777; border-width:1px; border-style: solid;display:none;">
            <!-- The table is shown when the cookie can be displayed in this layout, i.e. all cookies have the form name_1=value_1; ... ;name_n=value_n -->
            <tr>
                <td colspan="3">Cookies:</td>
            </tr>
        </table>
        <br>
        <!-- Entry row for setting a cookie: name, value, and the button that applies it. -->
        <div>
            Cookie:<input id="add_cookie_name" type="text">Value:<input id="add_cookie_value" type="text"><input id="add_cookie_button" type="button" value="Set Cookie">
        </div>
        <br>
        <!-- Empty message container for session-ID handling, followed by the control for naming
             an additional session-ID parameter. -->
        <div id="sessionid_messages">
        </div>
        <div id="add_sessionid_div">
            <button id="add_sessionid_button">Enter additional SessionID name</button>
        </div>
        <br>

        <!-- Request parameters. #table_r_params_descr is an empty description cell and the second row
             labels the columns; parameter rows are presumably appended by ForgePanel.js (confirm). -->
        <table id="table_r_params" title="Request Parameter:" style="border-color:#777777; border-width:1px; border-style: solid;">
            <tr>
                <td id="table_r_params_descr" colspan="3"></td>
            </tr>
            <tr>
                <td>Name</td>
                <td>Value</td>
                <td></td>
            </tr>
        </table>
        <br>
        <!-- Entry row for an additional parameter: name, value, and the button that adds the pair. -->
        <div>
            Name:<input id="add_param_name" type="text">Value:<input id="add_param_value" type="text"><input id="add_param_button" type="button" value="Add to Parameters">
        </div>
        <br>
        <!-- Actions on the forged request. The new-tab view is labelled "Header ignored!":
             NOTE(review): if response headers are dropped there, header-based protections the real
             application sends (a Content-Security-Policy, for instance) are not applied, so what
             renders or executes in that tab can differ from a normal browser visit. Verify findings
             against the full response. -->
        <input id="show_response_button" type="button" value="Get response">
        <input id="open_response_new_tab_button" type="button" value="Open response in new tab (Header ignored!)">
        <!-- Hidden by default; presumably revealed by ForgePanel.js once a response exists (confirm). -->
        <input id="set_reference_button" type="button" value="Use this als standard response" style="display:none">
        
        <!-- View selector for the response (hidden by default). All four radios share the name
             display_response, so exactly one view is selected; HTML source is the initial choice. -->
        <div id="response_radios" style="display:none;">
            <h2 id="response_h2">Response:</h2>
            <input id="radio_html_source" name="display_response" type="radio" checked><label for="radio_html_source">HTML source</label>
            <input id="radio_html_diff" name="display_response" type="radio"><label for="radio_html_diff">Diff-string to standard response</label>
            <input id="radio_html_rendered" name="display_response" type="radio"><label for="radio_html_rendered">Rendered HTML</label>
            <input id="radio_response_header" name="display_response" type="radio"><label for="radio_response_header">Response headers</label>
        </div>
        <!-- Read-only source view of the response body (hidden by default). A textarea shows its
             content as text, so markup in the response is displayed rather than interpreted. -->
        <div id="response_html_source_div" style="display:none;">
            <textarea id="response_html_source" readonly>
            </textarea>

        </div>
        <!-- Diff view (hidden by default).
             NOTE(review): whatever is inserted here is derived from response bodies; confirm that
             ForgePanel.js HTML-escapes the diff text before putting it into this div. -->
        <div id="response_html_diff_div" style="background-color:#FFFFFF;display:none;">
        </div>
        <!-- Read-only view of the response headers (hidden by default). -->
        <div id="response_header_div" style="display:none;">
            <textarea id="response_header_textarea" readonly>
            </textarea>
        </div>
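        <!-- "Rendered HTML" view (hidden by default). The markup shown here comes from the response
             of the target under test and is therefore untrusted.
             NOTE(review): no sandbox attribute is set. If ForgePanel.js writes the response into this
             frame as a same-origin document, scripts in the response would run with the panel's
             origin; consider a sandbox attribute carrying only the tokens the rendered view needs,
             after checking how ForgePanel.js fills the frame.
             Both frames carry a title so assistive technology can name them. -->
        <div id="response_iframe_div" style="display:none;">
            <iframe id="response_iframe" title="Rendered response">
            </iframe>
        </div>
        <!-- Hidden frame; presumably the target for form-based request submission (confirm in ForgePanel.js). -->
        <div id="form_submission_div">
            <iframe id="form_submission_iframe" title="Form submission target" style="display:none;">
            </iframe>
        </div>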
        <!-- Hidden field, empty at load; presumably holds the HTTP method of the request being
             forged and is set by ForgePanel.js (confirm). -->
        <input id="request_method" type="hidden" value="">
        
        <!-- The XSS and SQL injection suggestion lists live in their own HTML files and are loaded
             through hidden iframes, so only those files need updating.
             NOTE(review): these frames load without a sandbox attribute. Confirm the vector files
             store their strings as inert, escaped text, so that nothing in them is interpreted as
             markup or script when the frames load inside the panel. -->
        <iframe id="xss_vectors_iframe" src="XSSCheatSheetVectors.html" style="display:none;">
        </iframe>
        <iframe id="sql_vectors_iframe" src="SQLInjectionCheatSheetVectors.html" style="display:none;">
        </iframe>

    </body>
</html>